Vulnerability CVE-2021-31805 - CERT Civis.Net

Vulnerability Name:

CVE-2021-31805 (CCN-223990)

Assigned:

2021-04-26

Published:

2022-04-12

Updated:

2022-07-25

Summary:

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-31805

Source: MLIST
Type: Mailing List, Mitigation, Third Party Advisory
[oss-security] 20220412 CVE-2021-31805: Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.

Source: CCN
Type: Apache Struts 2 Documentation S2-062
Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to remote code executio

Source: MISC
Type: Mitigation, Patch, Vendor Advisory
https://cwiki.apache.org/confluence/display/WW/S2-062

Source: XF
Type: UNKNOWN
apache-cve202131805-code-exec(223990)

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220420-0001/

Source: CCN
Type: IBM Security Bulletin 6593763 (Content Collector)
CVE-2021-31805 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6593793 (Content Collector)
CVE-2021-31805 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6593795 (Content Collector)
CVE-2021-31805 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6593797 (Content Collector)
CVE-2021-31805 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6598055 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6598687 (Tivoli Netcool/OMNIbus WebGUI)
Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-31805)

Source: CCN
Type: IBM Security Bulletin 6601653 (Tivoli Application Dependency Discovery Manager)
Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager. (CVE-2021-31805)

Source: CCN
Type: IBM Security Bulletin 6831813 (Netcool Operations Insight)
Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: N/A
Type: UNKNOWN
N/A

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:struts:*:*:*:*:*:*:*:* (Version >= 2.0.0 and <= 2.5.29)

Configuration CCN 1:

cpe:/a:apache:struts:2.5.17:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.18:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.19:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.20:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.21:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.22:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.23:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.24:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.25:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.29:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.28:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.27:*:*:*:*:*:*:*

OR cpe:/a:apache:struts:2.5.26:*:*:*:*:*:*:*

AND

cpe:/a:ibm:content_collector:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:content_collector:4.0.0:*:*:*:email:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/omnibus_webgui:8.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable